Jared Hanson

There’s a big difference between auth for agents, and auth for MCP. I want to hear people’s experience with the former.

SOAP had this same issue. Ultimately people moved off it and dropped RPC semantics.

The latest changes to MCP paradoxically make the protocol both better and more crufty. For instance, many RPC params are now duplicated as HTTP headers.

@yenkel @woloski @portalbosque_ Humans like work. We create technologies that create work. (“work” can also be read as “opportunity”)

this is what @woloski told me about what he is going through at @portalbosque_ he used AI and specifically openclaw to automate a lot, write a lot of software, got everyone on chat the surface area has grown so much that he now needs more people. from a scope perspective, he could get a lot more done. from a time perspective, he got to this point a lot faster than he would have without AI. so that accelerated things, but also makes him need help sooner

More REST, less SOAP.

@0xblacklight @RhysSullivan @aaronpk That said, you need to be an approved partner to get those details. I’m not on that list (yet!?). I’ve applied, but if anyone knows how to get access to the spec at least - I’d love to know. Paging @jeff_weinstein @irvinebroque

@0xblacklight @RhysSullivan @aaronpk Re: Stripe Projects. That is apparently supposed to be an open protocol - alluded to in Cloudflare’s support announcement: blog.cloudflare.com/agents-stripe-… I’m really excited about this, and have been eager to implement and give feedback.

I recently chose one vendor over a second because the first one had a more robust API and in an afternoon codex has built a pulumi provider around their API for me so that all our configs in their SaaS are managed with declarative code that's version-controlled, type-safe, and explicit for agents (instead of needing their CLI/MCP server) and plugs into our other IaC so we don't need to go do things in dashboards and then configure it in our IaC this is what headless SaaS for agents means btw not "ship an MCP server" let me (or codex) configure it with code code mode for SaaS if you will - IaC for SaaS configuration

@RhysSullivan I’d love to chat with you about what we are doing @KeycardLabs

I've got questions for the people having agents write software for their team: - Where do you deploy it? - How are you giving it access to integrations? - How are you managing access controls? Diving deep on this topic atm, if you're a company struggling with this let me know

When credentials expire in minutes, there’s no need to vault them.

Turns out it’s safer to execute code from an LLM than from npm.

@matthewcp 🙌

Drop any Hono middleware into your Astro pipeline. Logging, auth, rate limits, wherever you want them. Astro's stages are just middleware now.

@FredKSchott @MikeNomitch_CF It’s beautiful. You are certainly onto something special.

Blown away by the response to flueframework.com over the last 24hr. Feels like we're onto something special here. Grateful to everyone who's tried it, shared it, or sent feedback. We're already on PR #35... 😅

@yenkel @dwarkesh_sp Same. I may be feeling more inadequate than weak, seeing how the LLM is able to grasp and explain concepts much more quickly.

@jaredhanson I use LLMs a lot while reading about topics and digging in, so it makes my reading even more valuable e.g. when reading @dwarkesh_sp's book I used LLMs a lot to understand concepts sometimes is awkward with the phone. voice or in the glasses might be better

I like to read. And I like to deeply understand the details. I sometimes worry this is a weakness in the LLM era. Anyone else feel this way?

@DominikTornow @badlogicgames I like anything that evokes Smalltalk. Must be why I like Pi.

pi agent by @badlogicgames is the modern smalltalk, a developer environment and runtime that extends itself. Unlike smalltalk, you don't code what you want, you just say what you want

@dangtony98 So… OAuth.

This would be excellent as well as the ability to generate API keys programmatically would take it a step further. Having both of these endpoints would allow you to implement automatic secrets rotation and, even better, dynamic secrets (creds minted on the fly). More companies should be supporting this; especially in this AI era.

@DNAutics JavaScript will also never die.

In the future there will be two languages: elixir for orchestration, and zig for low level. Oh. And sql. Sql will never die

"Replacing long-lived keys with ephemeral keys is, for my money, one of the best uses of security engineering effort." is the best sentence I've read pertaining to my field in awhile. More at: argemma.com/blog/long-live…

sandbox initialization time is such a silly metric to focus on the agent using the sandbox takes 15m but thank god your sandbox is 0.02s faster than the competitors